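<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Make a sale</title>
<style>
body {
	font-family: verdana, arial, sans-serif;
	font-size: 10pt;
	margin: 30px;
	background-color: #ffcc00;
}
</style>
</head>
<body>

<a href="makeasale.php" target="_top">Make another sale</a><br>
<?php
/*
 * Records one book sale from a POSTed form.
 *
 * Reads ISBN, customerid, branchid and employeeid from $_POST, looks up the
 * book's price, inserts a row into Sale, decrements the branch stock in
 * BookInStore and increments Book.yearToDateQtySold.
 *
 * Every request value reaches the database only as a bound parameter of a
 * prepared statement; nothing from $_POST is concatenated into SQL text.
 *
 * NOTE(review): no session, authorization or CSRF check is visible in this
 * file although the request changes data; confirm that is enforced elsewhere.
 */

date_default_timezone_set('UTC');

// Make mysqli return false on failure on every PHP version (newer versions
// throw by default), so the fixed messages below are what the client sees.
mysqli_report(MYSQLI_REPORT_OFF);

// NOTE(review): database credentials are hard-coded in a web-served file.
// Move them to configuration outside the document root and rotate this
// password, since it has been stored in source.
$username = "bsc353_4";
$password = "sonbeans";
$database = "bsc353_4";

/**
 * Returns a POST field as a string, or "" when it is absent or not a scalar
 * string (for example when the client sends it as an array).
 */
function sale_post_field($name)
{
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : "";
}

/**
 * Rolls back the pending sale, closes the connection and stops with a fixed
 * message. Database error details are deliberately not sent to the client.
 */
function sale_abort($link, $message)
{
    mysqli_rollback($link);
    mysqli_close($link);
    die($message);
}

$ISBN       = sale_post_field('ISBN');
$date       = date("Y-m-d H:i:s");
$customerID = sale_post_field('customerid');
$branchID   = sale_post_field('branchid');
$empID      = sale_post_field('employeeid');

if ($customerID === "" || $branchID === "") {
    echo "Error. Please enter both the Customer ID and Branch ID";
} else {
    $link = mysqli_connect("clipper.encs.concordia.ca", $username, $password)
        or die("Unable to connect to database");

    if (!mysqli_select_db($link, $database)) {
        mysqli_close($link);
        die("Unable to select database");
    }

    // Look up the price with the ISBN bound as a parameter.
    $priceStmt = mysqli_prepare($link, "SELECT price FROM Book WHERE ISBN = ?");
    if (!$priceStmt
        || !mysqli_stmt_bind_param($priceStmt, "s", $ISBN)
        || !mysqli_stmt_execute($priceStmt)
        || !mysqli_stmt_bind_result($priceStmt, $price)) {
        mysqli_close($link);
        die("failed to retrieve price.");
    }

    // fetch() returns true only when a row was read; an unknown ISBN must not
    // fall through and be recorded as a sale at price 0.
    $found = mysqli_stmt_fetch($priceStmt);
    mysqli_stmt_close($priceStmt);
    if ($found !== true) {
        mysqli_close($link);
        die("failed to retrieve price.");
    }

    // NOTE(review): intval() drops any fractional part of the price; kept
    // as in the original. Confirm the column really holds whole numbers.
    $pricevalue = intval($price);

    // Group the three writes so a failure part-way does not leave a Sale row
    // without the matching stock change. This only has an effect when the
    // tables use a transactional storage engine.
    mysqli_autocommit($link, false);

    $saleStmt = mysqli_prepare($link, "INSERT INTO Sale VALUES (?, ?, ?, ?, ?, ?)");
    if (!$saleStmt
        || !mysqli_stmt_bind_param($saleStmt, "ssssis", $ISBN, $date, $customerID, $branchID, $pricevalue, $empID)
        || !mysqli_stmt_execute($saleStmt)) {
        sale_abort($link, "failed to add record 1");
    }
    mysqli_stmt_close($saleStmt);

    // NOTE(review): nothing here stops quantity going below zero or detects a
    // branch that does not stock the book (zero rows updated); confirm
    // whether the schema or the calling form guards against that.
    $stockStmt = mysqli_prepare(
        $link,
        "UPDATE BookInStore SET quantity = quantity - 1 WHERE ISBN = ? AND storeBranchID = ?"
    );
    if (!$stockStmt
        || !mysqli_stmt_bind_param($stockStmt, "ss", $ISBN, $branchID)
        || !mysqli_stmt_execute($stockStmt)) {
        sale_abort($link, "failed to add record 2");
    }
    mysqli_stmt_close($stockStmt);

    $bookStmt = mysqli_prepare(
        $link,
        "UPDATE Book SET yearToDateQtySold = yearToDateQtySold + 1 WHERE ISBN = ?"
    );
    if (!$bookStmt
        || !mysqli_stmt_bind_param($bookStmt, "s", $ISBN)
        || !mysqli_stmt_execute($bookStmt)) {
        sale_abort($link, "failed to add record 3");
    }
    mysqli_stmt_close($bookStmt);

    if (!mysqli_commit($link)) {
        sale_abort($link, "failed to add record 3");
    }

    echo "1 record added";
    mysqli_close($link);
}
?>
</body>
</html>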
